diff options
author | Petko Manolov <petkan@mip-labs.com> | 2016-01-03 16:36:38 +0100 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2016-01-03 19:22:38 +0100 |
commit | 6427e6c71c8b374761b661c4f355762794c171a1 (patch) | |
tree | 3648577f5c9ca834f9e634e93ea94cecae6e3245 | |
parent | IMA: policy can be updated zero times (diff) | |
download | linux-6427e6c71c8b374761b661c4f355762794c171a1.tar.xz linux-6427e6c71c8b374761b661c4f355762794c171a1.zip |
ima: ima_write_policy() limit locking
There is no need to hold the ima_write_mutex for so long. We only need it
around ima_parse_add_rule().
Changelog:
- The return path now takes into account failed kmalloc() call.
Reported-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Petko Manolov <petkan@mip-labs.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r-- | security/integrity/ima/ima_fs.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 3caed6de610c..f355231997b4 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = { static ssize_t ima_write_policy(struct file *file, const char __user *buf, size_t datalen, loff_t *ppos) { - char *data = NULL; + char *data; ssize_t result; - int res; - - res = mutex_lock_interruptible(&ima_write_mutex); - if (res) - return res; if (datalen >= PAGE_SIZE) datalen = PAGE_SIZE - 1; @@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, result = -EFAULT; if (copy_from_user(data, buf, datalen)) - goto out; + goto out_free; + result = mutex_lock_interruptible(&ima_write_mutex); + if (result < 0) + goto out_free; result = ima_parse_add_rule(data); + mutex_unlock(&ima_write_mutex); + +out_free: + kfree(data); out: if (result < 0) valid_policy = 0; - kfree(data); - mutex_unlock(&ima_write_mutex); return result; } |